Forum Academy Marketplace Showcase Pricing Features

Privacy policy for custom states

Hello everyone,

I am using a custom state of an element as a temporary memory to store some of the current user’s data. I use the custom state instead of the database because it eases up the workflow. However, I am not sure about the privacy policy of these custom states.

The question I have is, what is the privacy policy for the custom states, if there is any?
Of course, when a user logs out, I reset the state, but what if a user does not log out? The information stays there?

What if there are two users simultaneously using the app. Is there any scenario in which user 1 sets a custom state, and somehow user 2 sees or uses the custom state set by user 1?

Last but not least, is it OK to use custom states for storing sensitive data, or it is better to always use a database where we have more direct and explicit control over the access and privacy?

Thank you in advance!

The way I understand them is that states are client side, cookies-type of things. Is it private? I guess it’s on the hands of the user’s browser.

2 users in 2 different machines? That won’t happen.


Use states sparingly. Do the heavy lifting on the database. Privacy rules has some learning curve, but it’s necessary learning.

Thank you so much, Rico, for the reply and for explaining the custom state of the elements and how they are implemented. I love how productive Bubble is, but at the same time not knowing what is happening behind the scene gives me anxiety! I am new to this Bubble platform, how can we figure out definitive answers to questions such as this? I couldn’t find any info in the documentation. Are Bubble engineers active in this forum?

As for privacy, users usually prefer the data lives on their machine and browser instead of being saved in a database on the cloud, and let’s don’t forget compliance complications for the uploaded data. So with this local implementation of custom states, it would be actually preferable to use custom states over uploading to the server whenever possible (?).

Yes, there quite a few engineers active here. They even have a program to watch unanswered threads.

About compliance, I’ve seen lots of threads on HIPAA compliance, but I don’t think it’s solved yet.

1 Like